Filters








21 Hits in 1.3 sec

PBES

Rakesh Bobba, Himanshu Khurana, Musab AlTurki, Farhana Ashraf
2009 Proceedings of the 4th International Symposium on Information, Computer, and Communications Security - ASIACCS '09  
In distributed systems users need the ability to share sensitive content with multiple other recipients based on their ability to satisfy arbitrary policies. One such system is electricity grids where finegrained sensor data sharing holds the potential for increased reliability and efficiency. However, effective data sharing requires technical solutions that support flexible access policies, for example, sharing more data when the grid is unstable. In such systems, both the messages and
more » ... are sensitive and, therefore, they need to kept be secret. Furthermore, to allow for such a system to be secure and usable in the presence of untrusted object stores and relays it must be resilient in the presence of active adversaries and provide efficient key management. While several of these properties have been studied in the past we address a new problem in the area of policy based encryption in that we develop a solution with all of these capabilities. We develop a Policy and Key Encapsulation Mechanism − Data Encapsulation Mechanism (PKEM-DEM) encryption scheme that is a generic construction secure against adaptive chosen ciphertext attacks and develop a Policy Based Encryption System (PBES) using this scheme that provides these capabilities. We provide an implementation of PBES and measure its performance.
doi:10.1145/1533057.1533093 dblp:conf/ccs/BobbaKAA09 fatcat:6yxfi4pqv5dyzggnngx3keh3my

PVeStA: A Parallel Statistical Model Checking and Quantitative Analysis Tool [chapter]

Musab AlTurki, José Meseguer
2011 Lecture Notes in Computer Science  
The tool, which is available for download online at http://www.cs.illinois.edu/~alturki/pvesta, consists of two commandline-based executable programs: (1) a client program pvesta-client, which implements  ... 
doi:10.1007/978-3-642-22944-2_28 fatcat:afxsguhebnch3cguy6fh4xeb2q

Model-Checking DoS Amplification for VoIP Session Initiation [chapter]

Ravinder Shankesi, Musab AlTurki, Ralf Sasse, Carl A. Gunter, José Meseguer
2009 Lecture Notes in Computer Science  
Current techniques for the formal modeling analysis of DoS attacks do not adequately deal with amplification attacks that may target a complex distributed system as a whole rather than a specific server. Such threats have emerged for important applications such as the VoIP Session Initiation Protocol (SIP). We demonstrate a modelchecking technique for finding amplification threats using a strategy we call measure checking that checks for a quantitative assessment of attacker impact using term
more » ... writing. We illustrate the effectiveness of this technique with a study of SIP. In particular, we show how to automatically find known attacks and verify that proposed patches for these attacks achieve their aim. Beyond this, we demonstrate a new amplification attack based on the compromise of one or more SIP proxies. We show how to address this threat with a protocol change and formally analyze the effectiveness of the new protocol against amplification attacks.
doi:10.1007/978-3-642-04444-1_24 fatcat:kv3xf4buxnhirhh4li2cvdbkt4

Reduction Semantics and Formal Analysis of Orc Programs

Musab AlTurki, José Meseguer
2008 Electronical Notes in Theoretical Computer Science  
Orc is a language for orchestration of web services developed by J. Misra that offers simple, yet powerful and elegant, constructs to program sophisticated web orchestration applications. The formal semantics of Orc poses interesting challenges, because of its real-time nature and the different priorities of external and internal actions. In this paper, building upon our previous SOS semantics of Orc in rewriting logic, we present a much more efficient reduction semantics of Orc, which is
more » ... ly equivalent to the SOS semantics thanks to a strong bisimulation. We view this reduction semantics as a key intermediate stage towards a future, provably correct distributed implementation of Orc, and show how it can naturally be extended to a distributed actor-like semantics. We show experiments demonstrating the much better performance of the reduction semantics when compared to the SOS semantics. Using the Maude rewriting logic language, we also illustrate how the reduction semantics can be used to endow Orc with useful formal analysis capabilities, including an LTL model checker. We illustrate these formal analysis features by means of an online auction system, which is modeled as a distributed system of actors that perform Orc computations.
doi:10.1016/j.entcs.2008.04.091 fatcat:lnvhmrvkdfh7nmitv6mrmzgpku

Formal Specification and Analysis of Timing Properties in Software Systems [chapter]

Musab AlTurki, Dinakar Dhurjati, Dachuan Yu, Ajay Chander, Hiroshi Inamura
2009 Lecture Notes in Computer Science  
Specifying and analyzing timing properties is a critical but error-prone aspect of developing many modern software systems. In this paper, we propose a new specification language and analysis framework for expressing and analyzing timing behaviors of complex software systems. Our framework has the following significant benefits: a) it is expressive, b) it supports trace analysis and simulation of timing behaviors, c) allows for verification of properties of specification, and d) checks for
more » ... n usage errors of timing constructs. The language constructs for timing were chosen to be very flexible, suitable for expressing different kinds of timing behaviors, and are inspired from timing constructs used in previous languages like SDL. We define the formal semantics of our language using a real-time rewrite theory. Since real-time rewrite theories are executable in Real-Time Maude, our framework supports trace analysis and simulation of timing behavior for specifications. Furthermore, the timed model checker for Real-Time Maude can be readily used for analyzing and verifying various real-time properties of the specifications. Finally, to prevent misuses of timing constructs that can be made possible due to their flexibility, we develop abstract interpretation based static analysis tools that check for common usage errors. We believe that our framework, with the above benefits, provides a significant step forward in facilitating the use of formal tools for specification and analysis of timing behaviors in software development.
doi:10.1007/978-3-642-00593-0_18 fatcat:zbfklx4hf5gktkfmrsagfe6apa

Stable Availability under Denial of Service Attacks through Formal Patterns [chapter]

Jonas Eckhardt, Tobias Mühlbauer, Musab AlTurki, José Meseguer, Martin Wirsing
2012 Lecture Notes in Computer Science  
A first modularized formalization of the ASV protocol was given by AlTurki in [5] . In this work we extend this specification by making its modularization more explicit using parametrized modules.  ... 
doi:10.1007/978-3-642-28872-2_6 fatcat:4r4otfp6ubcg7onwdgvdgd6woe

Probabilistic Modeling and Analysis of DoS Protection for the ASV Protocol

Musab AlTurki, José Meseguer, Carl A. Gunter
2009 Electronical Notes in Theoretical Computer Science  
AlTurki et al. / Electronic Notes in Theoretical ComputerScience 234 (2009) 3-18  ... 
doi:10.1016/j.entcs.2009.02.069 fatcat:s4gwkp6dgnfstgoragirdopxwm

Executable rewriting logic semantics of Orc and formal analysis of Orc programs

Musab A. AlTurki, José Meseguer
2015 Journal of Logical and Algebraic Methods in Programming  
The Orc calculus is a simple, yet powerful theory of concurrent computations with great versatility and practical applicability to a very wide range of applications, as it has been amply demonstrated by the Orc language, which extends the Orc calculus with powerful programming constructs that can be desugared into the underlying formal calculus. This means that for: (i) theoretical, (ii) program verification, and (iii) language implementation reasons, the formal semantics of Orc is of great
more » ... rtance. Furthermore, having a semantics of Orc that is executable is essential to provide: (i) a formally-defined interpreter against which language implementations can be validated, and (ii) a (semi-)automatic way of generating a wide range of semantics-based program verification tools, including model checkers and theorem provers. This work proposes a formal executable semantics for Orc in rewriting logic, to support formal verification of Orc programs and to make possible semantics-based correct-byconstruction Orc implementations. While being a very simple calculus, Orc has a quite subtle semantics, so that fully capturing all its semantic aspects is highly nontrivial. The two main sources of subtlety are: (i) its real-time semantics, and (ii) the priority of internal computations within an Orc expression over external computations that process responses from external sites. In this paper, we show a simple and elegant way of handling these two sources of subtlety in rewriting logic using an order-sorted type system supporting subtypes and subtype polymorphism, and "tick" rewrite rules for capturing time. Moreover, our rewriting semantics incorporates useful semantic equivalences between Orc programs as equations and equational attributes, making the semantics both more abstract and more efficient. The semantics of Orc is given in two different styles: (i) an SOS style, which is directly based on the original SOS of Orc, whose correctness follows immediately by construction, and (ii) a reduction semantics, which is much more efficiently executable and analyzable, as shown through several experiments, and whose correctness is proved using a strong bisimulation theorem. The paper also presents MOrc, a simulator and model checking tool based on the rewriting semantics of Orc and Real-Time Maude. MOrc facilitates formal verification of Orc programs, and allows for user-defined state predicates and LTL formulas, with no need for any prior knowledge of Maude or its rewriting logic foundations.
doi:10.1016/j.jlamp.2015.03.003 fatcat:egkplirdb5dnbdkpa7bgpeb6ha

Towards a Verified Model of the Algorand Consensus Protocol in Coq [article]

Musab A. Alturki, Jing Chen, Victor Luchangco, Brandon Moore, Karl Palmskog, Lucas Peña, Grigore Roşu
2019 arXiv   pre-print
The Algorand blockchain is a secure and decentralized public ledger based on pure proof of stake rather than proof of work. At its core it is a novel consensus protocol with exactly one block certified in each round: that is, the protocol guarantees that the blockchain does not fork. In this paper, we report on our effort to model and formally verify the Algorand consensus protocol in the Coq proof assistant. Similar to previous consensus protocol verification efforts, we model the protocol as
more » ... state transition system and reason over reachable global states. However, in contrast to previous work, our model explicitly incorporates timing issues (e.g., timeouts and network delays) and adversarial actions, reflecting a more realistic environment faced by a public blockchain. Thus far, we have proved asynchronous safety of the protocol: two different blocks cannot be certified in the same round, even when the adversary has complete control of message delivery in the network. We believe that our model is sufficiently general and other relevant properties of the protocol such as liveness can be proved for the same model.
arXiv:1907.05523v1 fatcat:nkspdkdwfjhtxjtlxon6mt7bru

Dist-Orc: A Rewriting-based Distributed Implementation of Orc with Formal Analysis

Musab AlTurki, José Meseguer
2010 Electronic Proceedings in Theoretical Computer Science  
Orc is a theory of orchestration of services that allows structured programming of distributed and timed computations. Several formal semantics have been proposed for Orc, including a rewriting logic semantics developed by the authors. Orc also has a fully fledged implementation in Java with functional programming features. However, as with descriptions of most distributed languages, there exists a fairly substantial gap between Orc's formal semantics and its implementation, in that: (i)
more » ... s in Orc are not easily deployable in a distributed implementation just by using Orc's formal semantics, and (ii) they are not readily formally analyzable at the level of a distributed Orc implementation. In this work, we overcome problems (i) and (ii) for Orc. Specifically, we describe an implementation technique based on rewriting logic and Maude that narrows this gap considerably. The enabling feature of this technique is Maude's support for external objects through TCP sockets. We describe how sockets are used to implement Orc site calls and returns, and to provide real-time timing information to Orc expressions and sites. We then show how Orc programs in the resulting distributed implementation can be formally analyzed at a reasonable level of abstraction by defining an abstract model of time and the socket communication infrastructure, and discuss the assumptions under which the analysis can be deemed correct. Finally, the distributed implementation and the formal analysis methodology are illustrated with a case study.
doi:10.4204/eptcs.36.2 fatcat:mdmmrb3bvndcdgg7n6k367quam

Management of Septic Arthritis in Emergency Department

Mohammed H. Abushal, Yazeed Ali S. Albalawi, Muflih Abdullah S. Albalawi, AlTurki Abdulrahman Mohammed, Amal Sulaiman A. Albalawi, Rola Ali S. Alotabi, Abdulrahim Oudah A. Albalawi, Sultan Suliman Q. Al-Ruwaili, Zahraa Abbas A. Kassarah Al-nakhli, Nada Saleem S. alhawiti, Abdalah Emad Almhmd, Naif Abdullah M. Alzahrani (+3 others)
2021 Journal of Pharmaceutical Research International  
Bacterial arthritis is an inflammation of the joints caused by an infectious etiology, usually bacterial, but there are also fungi, mycobacteria, viruses, or other rare pathogens. Both healthy and predisposed people can be infected. Nongonococcal infectious arthritis, usually a monoarticular disease, affects multiple joints in about 10% of patients and is a new form of septic arthritis. Without treatment, it can progress rapidly and cause irreversible damage to the joints. The overall incidence
more » ... of bacterial arthritis is 2 to 6 per 100,000, depending on the presence of risk factors. Bacterial arthritis is more common in children than in adults. The incidence of septic arthritis peaks between the ages of 2 and 3 and is predominantly male (2: 1). Most septic joints develop as a result of hematogenous dissemination of the vascular synovium due to bacterial episodes. Osteoarthritis, rheumatoid arthritis, and corticosteroid therapy are the most common predisposing conditions. Typical symptoms of acute septic arthritis without gonorrhea include recent fever, malaise, and local findings of pain, warmth, swelling, and restricted mobility of the affected joint. Accurate history and assessment of risk factors can provide important clues for diagnosis. Careful assessment of risk factors can significantly change the likelihood of a provider developing septic arthritis prior to testing. Laboratory findings, diagnostic imaging, and synovial fluid assessment are all useful for diagnosis. Management components include early detection and treatment with joint aspiration, antibiotics, and orthopedic advice for possible surgical management. Widespread antibiotics are often needed due to the potential for rapid joint destruction. A combination of cefepime or anti-Pseudomonas aeruginosa beta-lactams and vancomycin is recommended to cover both Gram-negative and MRSA bacteria.
doi:10.9734/jpri/2021/v33i50a33400 fatcat:xlt4jjyoi5cypdzyghupzcksla

Table of Contents

2020 2020 Working Conference on Software Visualization (VISSOFT)  
Alturki (King Fahd University of Petroleum and Minerals) Identifying Usability Issues of Software Analytics Applications in Immersive Augmented Reality 100 David Baum (Leipzig University), Stefan Bechert  ...  Visualization of Method Invocations by Extending Reverse-Engineered Sequence Diagrams 49 Taher Ahmed Ghaleb (Queen's University), Khalid Aljasser (King Fahd University of Petroleum and Minerals), and Musab  ... 
doi:10.1109/vissoft51673.2020.00004 fatcat:yid767ltgzfihdldlfvt4x6yau

On Security Analysis of Periodic Systems: Expressiveness and Complexity

Musab Alturki, Tajana Kirigin, Max Kanovich, Vivek Nigam, Andre Scedrov, Carolyn Talcott
2021 Proceedings of the 7th International Conference on Information Systems Security and Privacy   unpublished
ACKNOWLEDGMENTS Part of this work was done during the visits to the University of Pennsylvania by Alturki, Ban Kirigin, Kanovich, Nigam, and Talcott, which were partially supported by ONR grant N00014  ...  Similar to the work in (AlTurki et al., 2018) , statistical model-checking could be applied to investigate the success rates of various intruder strategies.  ... 
doi:10.5220/0010195100430054 fatcat:gzu3z26i7rectciq2l56nzvomq

Formal Model Engineering for Embedded Systems Using Real-Time Maude

Peter Csaba Ölveczky
2011 Electronic Proceedings in Theoretical Computer Science  
A Modeling Language for Handset Software In [1] , Musab AlTurki and researchers at DOCOMO USA Labs describe a simple but powerful specification language, called L , that is claimed to be well suited for  ... 
doi:10.4204/eptcs.56.1 fatcat:fvavv3rpjzgpzdvrsyuj32sxhe

Real-Time Maude and Its Applications [chapter]

Peter Csaba Ölveczky
2014 Lecture Notes in Computer Science  
In [4] , Musab AlTurki and researchers at DOCOMO USA Labs give a Real-Time Maude semantics to a simple but powerful specification language, called L, that is claimed to be well suited for describing a  ...  In [5] , Musab AlTurki and José Meseguer show how (i) one can go from an Orc specification to a distributed Maude implementation of the Orc specification, using their Maude semantics of Orc and Maude  ... 
doi:10.1007/978-3-319-12904-4_3 fatcat:vl2pr3hnpzarlaertiowpl7nki
« Previous Showing results 1 — 15 out of 21 results